Node.js security patches delayed by OpenSSL updates

The Node.js Foundation was to have posted patches yesterday but wants to release them with the OpenSSL upgrades included

Node.js security patches delayed by OpenSSL updates
Jackie CC BY 2.0

Node.js patches will be delayed by as much as two days due to the impending release of updates to OpenSSL, which is leveraged in Node.js.

The Node.js Foundation announced a week ago that it would have patches out by yesterday to mend issues pertaining to potential denial-of-service and out-of-bound access vulnerabilities. But these security releases will wait until late Thursday or Friday, after OpenSSL releases security updates that impact versions 1.0.2, 1.0.1, 1.0.0 and 0.9.8 of OpenSSL. The intent is to release the Node.js fixes with the OpenSSL upgrades included.

Copyright © 2015 IDG Communications, Inc.

How to choose a low-code development platform